| 導購 | 订阅 | 在线投稿
分享
 
 
 

Postfix+ClamAV+Amavisd-new

來源:互聯網  2008-05-31 00:03:07  評論

從 2004 年初到現在 2004 年 3月15 日止,網路上病毒滿天飛,蠻多同仁因為誤開了有毒的 e-mail,而造成病毒到處流竄央及其他同事,累壞了不少 MIS 人員,這真是極大的困擾,所以郵件伺服器防毒的工作,將是事在必行的。雖然說:Server 上郵件防毒過濾,並不能百分之百的阻礙病毒的流竄,但是多一道防線總是多一份安心,Clamav 經過網路上朋友的測試報告結果,雖然為免費的軟體但其防毒效益達將進 99% ,因此,我將現有的 Postfix Mail 加裝免費的郵件防毒軟體 Clamav ,來防禦病毒郵件。

Environment :

硬體:i386 PC Intel P3 500

記憶體網卡:512M RAM + Intel 網卡

作業系統:FreeBSD 6.0 Release

Flowchart :

e-mail [postifx (*:25)] [amavisd-new (127.0.0.1:10024)] [postfix (127.0.0.1:10025)] [delivery agent (local/smtp/...)]

Setp 1.

加裝 Clamav

#cd /usr/ports/security/clamav

#make install clean # 全都沒選

Options for clamav 0.87.1

[ ] MILTER Compile the milter interface

[ ] CURL Support URL downloading

[ ] LIBUNRAR Support for external Unrar library

編輯啟動檔 #vi /etc/rc.conf

clamav_clamd_enable="YES" # 讓 clamav 於開機時自動啟動

clamav_freshclam_enable="YES" # 讓 freshclam 於開機時自動以 daemon 方式啟動

#cd /usr/local/etc

#cp freshclam.conf.default freshclam.conf # freshclam 是 clamav 病毒更新程式

編輯設定檔: #vi /usr/local/etc/clamd.conf # 內容沒有甚麼大的更改,大約開了下面這些東西:

LogFile /var/log/clamav/clamd.log

LogFileMaxSize 2M

LogTime

LogSyslog

LogVerbose

PidFile /var/run/clamav/clamd.pid

LocalSocket /var/run/clamav/clamd

StreamSaveToDisk

MaxDirectoryRecursion 15

User clamav

AllowSupplementaryGroups

ScanMail

ScanArchive

ArchiveMaxFileSize 10M

ArchiveMaxRecursion 5

ArchiveMaxFiles 1000

ClamukoScanOnOpen

ClamukoScanOnClose

ClamukoScanOnExec

ClamukoIncludePath /home

ClamukoMaxFileSize 1M

ClamukoScanArchive

Setp 2.

再加裝 Amavisd-new

#cd /usr/ports/security/amavisd-new/

#make install clean # 全都不選

Options for amavisd-new 2.3.3,1

[ ] MYSQL MySQL support

[ ] PGSQL PgSQL support

[ ] LDAP LDAP support

[ ] MILTER sendmail milter support

編輯設定檔:#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf

#vi /usr/local/etc/amavisd.conf # 總共有八個 Section可編輯,內容如下:

# Section I

$mydomain = 'ms1.ntut.idv.tw';

$forward_method = 'smtp:127.0.0.1:10025';

$notify_method = $forward_method;

# Section II

沒更改變使用預設

# Section III

$DO_SYSLOG = 0; # 由 1 改 0

# Section IV

沒更改變使用預設

# Section V

沒更改變使用預設

# Section VI

沒更改變使用預設

# Section VII

沒更改變使用預設

# Section VIII

沒更改變使用預設

新增 log 檔所要使用的目錄及改變目錄權限:

#mkdir /var/log/amavis

#chown vscan:vscan amavis

#cd amavis

#touch amavis.log

#chown vscan amavis.log

#cd /var

#chown -R vscan:clamav amavis

編輯啟動檔 #vi /etc/rc.conf 增加:

amavisd_enable="YES" # rc.conf 裡讓 amavisd 開機自動 up

Setp 3.

#vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必須要空一格 postfix 才會正常啟動

smtp-amavis unix - - n - 2 smtp

-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd

-o content_filter=

-o local_recipient_maps=

-o relay_recipient_maps=

-o smtpd_restriction_classes=

-o smtpd_client_restrictions=

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o strict_rfc821_envelopes=yes

#vi /usr/local/etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024

#cd /usr/local/etc/postfix/

#vi aliases # 編輯 aliases 這個 DB 檔內容如下:

virusalert: root # 將寄給 virusalert 的病毒警告信,轉給 root 這位管理者。

#postalias aliases # 將資料導入 postfix 的 DB

#postfix reload # 重跑 postfix

#reboot # 重開機讓 amavisd-new 及 clamav ,freshclam 開機時跑起來

測試:

# telnet localhost 10024

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

Connected to localhost.ms1.ntut.idv.tw.

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

quit

# telnet localhost 10025

Trying 127.0.0.1...

Connected to localhost.ms1.ntut.idv.tw.

Escape character is '^]'.

220 ms1.ntut.idv.tw ESMTP Postfix

quit

參考資料:

http://www.clamav.net/

http://www.ijs.si/software/amavisd/

http://www.voyager.gr.jp/~sampei/freebsd/amavis_m.html

http://mail.x-si.org/articles/av.html

To Add .

2004/04/13 遇到一個問題,很多 Mail 被錯判為 SpamMail,所以找到 /usr/local/etc/amavisd.conf 裡的這幾段,並且除了 $final_virus_destiny 之外,其餘全設定為 D_PASS ,將垃圾郵件過濾機智關掉只留下防毒,以防止錯判。

$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)

$final_banned_destiny = D_PASS; # (defaults to D_BOUNCE)

$final_spam_destiny = D_PASS; # (defaults to D_REJECT)

$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)

最後修改日期: 2005/11/24

最後修改:http://freebsd.ntut.idv.tw/document/postfix_clamav_amavisd-new.html

從 2004 年初到現在 2004 年 3月15 日止,網路上病毒滿天飛,蠻多同仁因為誤開了有毒的 e-mail,而造成病毒到處流竄央及其他同事,累壞了不少 MIS 人員,這真是極大的困擾,所以郵件伺服器防毒的工作,將是事在必行的。雖然說:Server 上郵件防毒過濾,並不能百分之百的阻礙病毒的流竄,但是多一道防線總是多一份安心,Clamav 經過網路上朋友的測試報告結果,雖然為免費的軟體但其防毒效益達將進 99% ,因此,我將現有的 Postfix Mail 加裝免費的郵件防毒軟體 Clamav ,來防禦病毒郵件。 Environment : 硬體:i386 PC Intel P3 500 記憶體網卡:512M RAM + Intel 網卡 作業系統:FreeBSD 6.0 Release Flowchart : e-mail [postifx (*:25)] [amavisd-new (127.0.0.1:10024)] [postfix (127.0.0.1:10025)] [delivery agent (local/smtp/...)] Setp 1. 加裝 Clamav #cd /usr/ports/security/clamav #make install clean # 全都沒選 Options for clamav 0.87.1 [ ] MILTER Compile the milter interface [ ] CURL Support URL downloading [ ] LIBUNRAR Support for external Unrar library 編輯啟動檔 #vi /etc/rc.conf clamav_clamd_enable="YES" # 讓 clamav 於開機時自動啟動 clamav_freshclam_enable="YES" # 讓 freshclam 於開機時自動以 daemon 方式啟動 #cd /usr/local/etc #cp freshclam.conf.default freshclam.conf # freshclam 是 clamav 病毒更新程式 編輯設定檔: #vi /usr/local/etc/clamd.conf # 內容沒有甚麼大的更改,大約開了下面這些東西: LogFile /var/log/clamav/clamd.log LogFileMaxSize 2M LogTime LogSyslog LogVerbose PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd StreamSaveToDisk MaxDirectoryRecursion 15 User clamav AllowSupplementaryGroups ScanMail ScanArchive ArchiveMaxFileSize 10M ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ClamukoScanOnOpen ClamukoScanOnClose ClamukoScanOnExec ClamukoIncludePath /home ClamukoMaxFileSize 1M ClamukoScanArchive Setp 2. 再加裝 Amavisd-new #cd /usr/ports/security/amavisd-new/ #make install clean # 全都不選 Options for amavisd-new 2.3.3,1 [ ] MYSQL MySQL support [ ] PGSQL PgSQL support [ ] LDAP LDAP support [ ] MILTER sendmail milter support 編輯設定檔:#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf #vi /usr/local/etc/amavisd.conf # 總共有八個 Section可編輯,內容如下: # Section I $mydomain = 'ms1.ntut.idv.tw'; $forward_method = 'smtp:127.0.0.1:10025'; $notify_method = $forward_method; # Section II 沒更改變使用預設 # Section III $DO_SYSLOG = 0; # 由 1 改 0 # Section IV 沒更改變使用預設 # Section V 沒更改變使用預設 # Section VI 沒更改變使用預設 # Section VII 沒更改變使用預設 # Section VIII 沒更改變使用預設 新增 log 檔所要使用的目錄及改變目錄權限: #mkdir /var/log/amavis #chown vscan:vscan amavis #cd amavis #touch amavis.log #chown vscan amavis.log #cd /var #chown -R vscan:clamav amavis 編輯啟動檔 #vi /etc/rc.conf 增加: amavisd_enable="YES" # rc.conf 裡讓 amavisd 開機自動 up Setp 3. #vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必須要空一格 postfix 才會正常啟動 smtp-amavis unix - - n - 2 smtp -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes #vi /usr/local/etc/postfix/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024 #cd /usr/local/etc/postfix/ #vi aliases # 編輯 aliases 這個 DB 檔內容如下: virusalert: root # 將寄給 virusalert 的病毒警告信,轉給 root 這位管理者。 #postalias aliases # 將資料導入 postfix 的 DB #postfix reload # 重跑 postfix #reboot # 重開機讓 amavisd-new 及 clamav ,freshclam 開機時跑起來 測試: # telnet localhost 10024 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost.ms1.ntut.idv.tw. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready quit # telnet localhost 10025 Trying 127.0.0.1... Connected to localhost.ms1.ntut.idv.tw. Escape character is '^]'. 220 ms1.ntut.idv.tw ESMTP Postfix quit 參考資料: http://www.clamav.net/ http://www.ijs.si/software/amavisd/ http://www.voyager.gr.jp/~sampei/freebsd/amavis_m.html http://mail.x-si.org/articles/av.html To Add . 2004/04/13 遇到一個問題,很多 Mail 被錯判為 SpamMail,所以找到 /usr/local/etc/amavisd.conf 裡的這幾段,並且除了 $final_virus_destiny 之外,其餘全設定為 D_PASS ,將垃圾郵件過濾機智關掉只留下防毒,以防止錯判。 $final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE) $final_banned_destiny = D_PASS; # (defaults to D_BOUNCE) $final_spam_destiny = D_PASS; # (defaults to D_REJECT) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS) 最後修改日期: 2005/11/24 最後修改:http://freebsd.ntut.idv.tw/document/postfix_clamav_amavisd-new.html
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有